You can see that 10.0 or higher agents communicate with Deep Security Manager over TLS 1.2, while 9.6 versions communicate over early TLS. It is not possible to enforce TLS 1.2 if you're using Deep Security as a Service.įigure 2 shows the TLS communication in an on-premise deployment, when TLS 1.2 is not enforced (the default). Similarly, newer third-party applications use TLS 1.2, while older ones use early TLS. You can see that 10.0 or higher agents communicate with Deep Security as a Service over TLS 1.2, while 9.6 versions communicate over early TLS. The diagrams below show the TLS communication in the Deep Security architecture.įigure 1 shows the TLS communication in a Deep Security as a Service environment.
This page describes the benefits of TLS 1.2, and how to use and enforce it in your Deep Security environment.
Trend Micro strongly recommends that you use TLS 1.2 communication between all its components. SSL has been discontinued due to security issues. When Deep Security components need to communicate, they determine the latest mutually-supported version of the encryption protocol and then use that version to secure all communication for the duration of their session. Transport Layer Security (TLS), and the earlier Secure Sockets Layer (SSL), are encryption protocols that enable secure connections between different endpoints. Use of strong cipher suites may cause compatibility issues. If you want to enable TLS 1.2 with only strong, A+-rated cipher suites, see instead Enable TLS 1.2 strong cipher suites.
0 kommentar(er)
